View/Create permissions not being applied

[priethor]

• Your Rocket.Chat Experimental app version: 4.7.0.17188
• Your Rocket.Chat server version: 3.3.0
• Deviceyou're running with: Pocophone F1 with Android 10

Steps to reproduce:

• Go to Admin/Permissions and remove the create-c, create-d, create-p, view-c and view-d permissions for a role such as livechat-agent
• Edit a user by giving it only the livechat-agent role
• Now if you login as this livechat-agent user:
  • In the web application, the icon for creating groups/channels/direct messages doesn't appear, and it can only see private rooms he belongs to (and livechats).
  • In the mobile applications (either in Rocket.Chat or Rocket.Chat Experimental), the permissions are not being applied and the user can still create rooms/channels/direct messages and talk to other users.

One question that comes to mind is, are the permissions not being controlled on the server side, just on the client side?

[djorkaeffalexandre]

Hey @priethor, we have some permissions that are not respected yet on our app, like create-c, create-d, it's missing implementation.
Really thanks about you to document this here.
If anyone from community want to do this, just go ahead.
If it has no activity from community we'll do ASAP.
Thanks.

[priethor]

Great! My colleague @victortb will have a look at this issue!

[Jose96GIT]

I am working on this issue and I'm finding some problems on developing it.

What I'm doing is, after rendering the header of the NewMessageView is checking out permissions here, but I don't know how to obtain them. I have seen that the hasPermission function is used for obtaining permissions but as I don't have the room id due to that user is not in a room yet, I cannot use it.

Can you please guide me on how to do it? Thanks!

UPDATE: Finally I've solved this issue myself. Thanks also.